bitcoin-ruby 0.0.6 → 0.0.7

data/lib/bitcoin/builder.rb

@@ -432,11 +432,13 @@ module Bitcoin
     #    o.value 12345
     #    o.script {|s| s.recipient address }
     #  end
+    #
+    #  t.output {|o| o.to "deadbeef", OP_RETURN }
     class TxOutBuilder
       attr_reader :txout
 
       def initialize
-        @txout = P::TxOut.new
+        @txout = P::TxOut.new(0)
       end
 
       # Set output value (in base units / "satoshis")

data/lib/bitcoin/connection.rb

@@ -3,6 +3,7 @@
 require 'socket'
 require 'eventmachine'
 require 'bitcoin'
+require 'resolv'
 
 module Bitcoin
 
@@ -107,7 +108,7 @@ module Bitcoin
     def self.connect_random_from_dns(connections)
       seeds = Bitcoin.network[:dns_seeds]
       if seeds.any?
-        host = `nslookup #{seeds.sample}`.scan(/Address\: (.+)$/).flatten.sample
+        host = Resolv::DNS.new.getaddresses(seeds.sample).map {|a| a.to_s}.sample
         connect(host, Bitcoin::network[:default_port], connections)
       else
         raise "No DNS seeds available. Provide IP, configure seeds, or use different network."

data/lib/bitcoin/contracthash.rb

@@ -0,0 +1,76 @@
+#
+# Ruby port of https://github.com/Blockstream/contracthashtool
+#
+
+module Bitcoin
+  module ContractHash
+
+    HMAC_DIGEST = OpenSSL::Digest.new("SHA256")
+    EC_GROUP = OpenSSL::PKey::EC::Group.new("secp256k1")
+
+    def self.hmac(pubkey, data)
+      OpenSSL::HMAC.hexdigest(HMAC_DIGEST, pubkey, data)
+    end
+
+    # generate a contract address
+    def self.generate(redeem_script_hex, payee_address_or_ascii, nonce_hex=nil)
+      redeem_script = Bitcoin::Script.new([redeem_script_hex].pack("H*"))
+      raise "only multisig redeem scripts are currently supported" unless redeem_script.is_multisig?
+      nonce_hex, data = compute_data(payee_address_or_ascii, nonce_hex)
+
+      derived_keys = []
+      redeem_script.get_multisig_pubkeys.each do |pubkey|
+        tweak = hmac(pubkey, data).to_i(16)
+        raise "order exceeded, pick a new nonce" if tweak >= EC_GROUP.order.to_i
+        tweak = OpenSSL::BN.new(tweak.to_s)
+
+        key = Bitcoin::Key.new(nil, pubkey.unpack("H*")[0])
+        key = key.instance_variable_get(:@key)
+        point = EC_GROUP.generator.mul(tweak).ec_add(key.public_key).to_bn.to_i
+        raise "infinity" if point == 1/0.0
+
+        key = Bitcoin::Key.new(nil, point.to_s(16))
+        key.instance_eval{ @pubkey_compressed = true }
+        derived_keys << key.pub
+      end
+
+      m = redeem_script.get_signatures_required
+      p2sh_script, redeem_script = Bitcoin::Script.to_p2sh_multisig_script(m, *derived_keys)
+
+      [ nonce_hex, redeem_script.unpack("H*")[0], Bitcoin::Script.new(p2sh_script).get_p2sh_address ]
+    end
+
+    # claim a contract
+    def self.claim(private_key_wif, payee_address_or_ascii, nonce_hex)
+      key = Bitcoin::Key.from_base58(private_key_wif)
+      data = compute_data(payee_address_or_ascii, nonce_hex)[1]
+
+      pubkey = [key.pub].pack("H*")
+      tweak = hmac(pubkey, data).to_i(16)
+      raise "order exceeded, verify parameters" if tweak >= EC_GROUP.order.to_i
+
+      derived_key = (tweak + key.priv.to_i(16)) % EC_GROUP.order.to_i
+      raise "zero" if derived_key == 0
+
+      Bitcoin::Key.new(derived_key.to_s(16))
+    end
+
+    # compute HMAC data
+    def self.compute_data(address_or_ascii, nonce_hex)
+      nonce = nonce_hex ? [nonce_hex].pack("H32") : SecureRandom.random_bytes(16)
+      if Bitcoin.valid_address?(address_or_ascii)
+        address_type = case Bitcoin.address_type(address_or_ascii)
+                       when :hash160;  'P2PH'
+                       when :p2sh;     'P2SH'
+                       else
+                         raise "unsupported address type #{address_type}"
+                       end
+        contract_bytes = [ Bitcoin.hash160_from_address(address_or_ascii) ].pack("H*")
+      else
+        address_type = "TEXT"
+        contract_bytes = address_or_ascii
+      end
+      [ nonce.unpack("H*")[0], address_type + nonce + contract_bytes ]
+    end
+  end
+end

data/lib/bitcoin/dogecoin.rb

@@ -0,0 +1,97 @@
+# encoding: ascii-8bit
+
+# This module includes (almost) everything necessary to add dogecoin support
+# to bitcoin-ruby. When switching to a :dogecoin network, it will load its
+# functionality into the Script class.
+# The only things not included here should be parsing the AuxPow, which is
+# done in Protocol::Block directly, and passing the txout to #store_doge from
+# the storage backend.
+module Bitcoin::Dogecoin
+
+  def self.load
+    Bitcoin::Util.class_eval { include Util }
+  end
+
+  # fixed reward past the 600k block
+  POST_600K_REWARD = 10000 * Bitcoin::COIN
+
+  # Dogecoin-specific Script methods for parsing and creating of dogecoin scripts,
+  # as well as methods to extract address, doge_hash, doge and value.
+  module Util
+
+    def self.included(base)
+      base.constants.each {|c| const_set(c, base.const_get(c)) unless constants.include?(c) }
+      base.class_eval do
+
+        def block_creation_reward(block_height)
+          if block_height < Bitcoin.network[:difficulty_change_block]
+            # Dogecoin early rewards were random, using part of the hash of the
+            # previous block as the seed for the Mersenne Twister algorithm.
+            # Given we don't have previous block hash available, and this value is
+            # functionally a maximum (not exact value), I'm using the maximum the random
+            # reward generator can produce and calling it good enough.
+            Bitcoin.network[:reward_base] / (2 ** (block_height / Bitcoin.network[:reward_halving].to_f).floor) * 2
+          elsif block_height < 600000
+            Bitcoin.network[:reward_base] / (2 ** (block_height / Bitcoin.network[:reward_halving].to_f).floor)
+          else
+            POST_600K_REWARD
+          end
+        end
+        
+        def block_new_target(prev_height, prev_block_time, prev_block_bits, last_retarget_time)
+          new_difficulty_protocol = (prev_height + 1) >= Bitcoin.network[:difficulty_change_block]
+
+          # target interval for block interval in seconds
+          retarget_time = Bitcoin.network[:retarget_time]
+
+          if new_difficulty_protocol
+            # what is the ideal interval between the blocks
+            retarget_time = Bitcoin.network[:retarget_time_new]
+          end
+
+          # actual time elapsed since last retarget
+          actual_time = prev_block_time - last_retarget_time
+
+          if new_difficulty_protocol
+            # DigiShield implementation - thanks to RealSolid & WDC for this code
+            # We round always towards zero to match the C++ version
+            if actual_time < retarget_time
+              actual_time = retarget_time + ((actual_time - retarget_time) / 8.0).ceil
+            else
+              actual_time = retarget_time + ((actual_time - retarget_time) / 8.0).floor
+            end
+            # amplitude filter - thanks to daft27 for this code
+            min = retarget_time - (retarget_time/4)
+            max = retarget_time + (retarget_time/2)
+          elsif prev_height+1 > 10000
+            min = retarget_time / 4
+            max = retarget_time * 4
+          elsif prev_height+1 > 5000
+            min = retarget_time / 8
+            max = retarget_time * 4
+          else
+            min = retarget_time / 16
+            max = retarget_time * 4
+          end
+
+          actual_time = min if actual_time < min
+          actual_time = max if actual_time > max
+
+          # It could be a bit confusing: we are adjusting difficulty of the previous block, while logically
+          # we should use difficulty of the previous 2016th block ("first")
+
+          prev_target = decode_compact_bits(prev_block_bits).to_i(16)
+
+          new_target = prev_target * actual_time / retarget_time
+          if new_target < Bitcoin.decode_compact_bits(Bitcoin.network[:proof_of_work_limit]).to_i(16)
+            encode_compact_bits(new_target.to_s(16))
+          else
+            Bitcoin.network[:proof_of_work_limit]
+          end
+        end
+      end
+    end
+
+  end
+
+end

data/lib/bitcoin/ffi/bitcoinconsensus.rb

@@ -0,0 +1,74 @@
+# encoding: ascii-8bit
+
+require 'ffi'
+
+# Wraps bitcoinconsensus.so (https://github.com/bitcoin/bitcoin)
+# commit: 90c71548c795787b008bc337cb9332f75d1bccdb
+
+module Bitcoin
+  module BitcoinConsensus
+    extend FFI::Library
+
+    SCRIPT_VERIFY_NONE      = 0
+    SCRIPT_VERIFY_P2SH      = (1 << 0)
+    SCRIPT_VERIFY_STRICTENC = (1 << 1)
+    SCRIPT_VERIFY_DERSIG    = (1 << 2)
+    SCRIPT_VERIFY_LOW_S     = (1 << 3)
+    SCRIPT_VERIFY_NULLDUMMY = (1 << 4)
+    SCRIPT_VERIFY_SIGPUSHONLY = (1 << 5)
+    SCRIPT_VERIFY_MINIMALDATA = (1 << 6)
+    SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1 << 7)
+    SCRIPT_VERIFY_CLEANSTACK = (1 << 8)
+
+    ERR_CODES = { 0 => :ok, 1 => :tx_index, 2 => :tx_size_mismatch, 3 => :tx_deserialize }
+
+    def self.ffi_load_functions(file)
+      class_eval <<-RUBY
+        ffi_lib [ %[#{file}] ]
+        attach_function :bitcoinconsensus_version, [], :uint
+
+        # int bitcoinconsensus_verify_script(const unsigned char *scriptPubKey, unsigned int scriptPubKeyLen,
+        #                                    const unsigned char *txTo        , unsigned int txToLen,
+        #                                    unsigned int nIn, unsigned int flags, bitcoinconsensus_error* err);
+        attach_function :bitcoinconsensus_verify_script, [:pointer, :uint, :pointer, :uint, :uint, :uint, :pointer], :int
+      RUBY
+    end
+
+    def self.lib_available?
+      @__lib_path ||= [ ENV['BITCOINCONSENSUS_LIB_PATH'], 'vendor/bitcoin/src/.libs/libbitcoinconsensus.so' ].find{|f| File.exists?(f.to_s) }
+    end
+
+    def self.init
+      return if @bitcoin_consensus
+      lib_path = lib_available?
+      ffi_load_functions(lib_path)
+      @bitcoin_consensus = true
+    end
+
+    # api version
+    def self.version
+      init
+      bitcoinconsensus_version
+    end
+
+    def self.verify_script(input_index, script_pubkey, tx_payload, script_flags)
+      init
+
+      scriptPubKey = FFI::MemoryPointer.new(:uchar, script_pubkey.bytesize).put_bytes(0, script_pubkey)
+      txTo = FFI::MemoryPointer.new(:uchar, tx_payload.bytesize).put_bytes(0, tx_payload)
+      error_ret = FFI::MemoryPointer.new(:uint)
+
+      ret = bitcoinconsensus_verify_script(scriptPubKey, scriptPubKey.size, txTo, txTo.size, input_index, script_flags, error_ret)
+
+      case ret
+      when 0
+        false
+      when 1
+        (ERR_CODES[error_ret.read_int] == :ok) ? true : false
+      else
+        raise "error invalid result"
+      end
+    end
+
+  end
+end

data/lib/bitcoin/ffi/openssl.rb

@@ -3,7 +3,7 @@
 # autoload when you need to re-generate a public_key from only its private_key.
 # ported from: https://github.com/sipa/bitcoin/blob/2d40fe4da9ea82af4b652b691a4185431d6e47a8/key.h
 
-Bitcoin.require_dependency :ffi, exit: false, message: "Skipping FFI needed for OpenSSL_EC methods."
+require 'ffi'
 
 module Bitcoin
 module OpenSSL_EC
@@ -27,7 +27,7 @@ module OpenSSL_EC
   attach_function :BN_CTX_new, [], :pointer
   attach_function :BN_add, [:pointer, :pointer, :pointer], :int
   attach_function :BN_bin2bn, [:pointer, :int, :pointer], :pointer
-  attach_function :BN_bn2bin, [:pointer, :pointer], :void
+  attach_function :BN_bn2bin, [:pointer, :pointer], :int
   attach_function :BN_cmp, [:pointer, :pointer], :int
   attach_function :BN_copy, [:pointer, :pointer], :pointer
   attach_function :BN_dup, [:pointer], :pointer
@@ -38,7 +38,9 @@ module OpenSSL_EC
   attach_function :BN_mul_word, [:pointer, :int], :int
   attach_function :BN_new, [], :pointer
   attach_function :BN_rshift, [:pointer, :pointer, :int], :int
+  attach_function :BN_rshift1, [:pointer, :pointer], :int
   attach_function :BN_set_word, [:pointer, :int], :int
+  attach_function :BN_sub, [:pointer, :pointer, :pointer], :int
   attach_function :EC_GROUP_get_curve_GFp, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
   attach_function :EC_GROUP_get_degree, [:pointer], :int
   attach_function :EC_GROUP_get_order, [:pointer, :pointer, :pointer], :int
@@ -61,6 +63,13 @@ module OpenSSL_EC
   attach_function :ECDSA_do_sign, [:pointer, :uint, :pointer], :pointer
   attach_function :BN_num_bits, [:pointer], :int
   attach_function :ECDSA_SIG_free, [:pointer], :void
+  attach_function :EC_POINT_add, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+  attach_function :EC_POINT_point2hex, [:pointer, :pointer, :int, :pointer], :string
+  attach_function :EC_POINT_hex2point, [:pointer, :string, :pointer, :pointer], :pointer
+  attach_function :ECDSA_SIG_new, [], :pointer
+  attach_function :d2i_ECDSA_SIG, [:pointer, :pointer, :long], :pointer
+  attach_function :i2d_ECDSA_SIG, [:pointer, :pointer], :int
+  attach_function :OPENSSL_free, :CRYPTO_free, [:pointer], :void
 
   def self.BN_num_bytes(ptr); (BN_num_bits(ptr) + 7) / 8; end
 
@@ -223,6 +232,50 @@ module OpenSSL_EC
     pub_hex
   end
 
+  # Regenerate a DER-encoded signature such that the S-value complies with the BIP62
+  # specification.
+  #
+  def self.signature_to_low_s(signature)
+    init_ffi_ssl
+
+    buf = FFI::MemoryPointer.new(:uint8, 34)
+    temp = signature.unpack("C*")
+    length_r = temp[3]
+    length_s = temp[5+length_r]
+    sig = FFI::MemoryPointer.from_string(signature)
+
+    # Calculate the lower s value
+    s = BN_bin2bn(sig[6 + length_r], length_s, BN_new())
+    eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
+    group, order, halforder, ctx = EC_KEY_get0_group(eckey), BN_new(), BN_new(), BN_CTX_new()
+
+    EC_GROUP_get_order(group, order, ctx)
+    BN_rshift1(halforder, order)
+    if BN_cmp(s, halforder) > 0
+      BN_sub(s, order, s)
+    end
+
+    BN_free(halforder)
+    BN_free(order)
+    BN_CTX_free(ctx)
+
+    length_s = BN_bn2bin(s, buf)
+    # p buf.read_string(length_s).unpack("H*")
+
+    # Re-encode the signature in DER format
+    sig = [0x30, 0, 0x02, length_r]
+    sig.concat(temp.slice(4, length_r))
+    sig << 0x02
+    sig << length_s
+    sig.concat(buf.read_string(length_s).unpack("C*"))
+    sig[1] = sig.size - 2
+
+    BN_free(s)
+    EC_KEY_free(eckey)
+
+    sig.pack("C*")
+  end
+
   def self.sign_compact(hash, private_key, public_key_hex = nil, pubkey_compressed = nil)
     private_key = [private_key].pack("H*") if private_key.bytesize >= 64
     private_key_hex = private_key.unpack("H*")[0]
@@ -279,6 +332,49 @@ module OpenSSL_EC
     pubkey = recover_public_key_from_signature(hash, signature, version-27, compressed)
   end
 
+  # lifted from https://github.com/GemHQ/money-tree
+  def self.ec_add(point_0, point_1)
+    init_ffi_ssl
+
+    eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
+    group = EC_KEY_get0_group(eckey)
+
+    point_0_hex = point_0.to_bn.to_s(16)
+    point_0_pt = EC_POINT_hex2point(group, point_0_hex, nil, nil)
+    point_1_hex = point_1.to_bn.to_s(16)
+    point_1_pt = EC_POINT_hex2point(group, point_1_hex, nil, nil)
+
+    sum_point = EC_POINT_new(group)
+    success = EC_POINT_add(group, sum_point, point_0_pt, point_1_pt, nil)
+    hex = EC_POINT_point2hex(group, sum_point, POINT_CONVERSION_UNCOMPRESSED, nil)
+    EC_KEY_free(eckey)
+    EC_POINT_free(sum_point)
+    hex
+  end
+
+  # repack signature for OpenSSL 1.0.1k handling of DER signatures
+  # https://github.com/bitcoin/bitcoin/pull/5634/files
+  def self.repack_der_signature(signature)
+    init_ffi_ssl
+
+    return false if signature.empty?
+
+    # New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
+    norm_der = FFI::MemoryPointer.new(:pointer)
+    sig_ptr  = FFI::MemoryPointer.new(:pointer).put_pointer(0, FFI::MemoryPointer.from_string(signature))
+
+    norm_sig = d2i_ECDSA_SIG(nil, sig_ptr, signature.bytesize)
+
+    derlen = i2d_ECDSA_SIG(norm_sig, norm_der)
+    ECDSA_SIG_free(norm_sig)
+    return false if derlen <= 0
+
+    ret = norm_der.read_pointer.read_string(derlen)
+    OPENSSL_free(norm_der.read_pointer)
+
+    ret
+  end
+
   def self.init_ffi_ssl
     return if @ssl_loaded
     SSL_library_init()

data/lib/bitcoin/ffi/secp256k1.rb

@@ -0,0 +1,144 @@
+# encoding: ascii-8bit
+
+# Wraps libsecp256k1 (https://github.com/bitcoin/secp256k1)
+# commit: 50cc6ab0625efda6dddf1dc86c1e2671f069b0d8
+
+require 'ffi'
+
+module Bitcoin
+  module Secp256k1
+    extend FFI::Library
+
+    SECP256K1_START_VERIFY = (1 << 0)
+    SECP256K1_START_SIGN   = (1 << 1)
+
+    def self.ffi_load_functions(file)
+      class_eval <<-RUBY
+        ffi_lib [ %[#{file}] ]
+
+        attach_function :secp256k1_start, [:int], :void
+        attach_function :secp256k1_stop, [], :void
+        attach_function :secp256k1_ec_seckey_verify, [:pointer], :int
+        attach_function :secp256k1_ec_pubkey_verify, [:pointer, :int], :int
+        attach_function :secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer, :int], :int
+
+        # int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *sig, int *siglen, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void *ndata)
+        attach_function :secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_verify(const unsigned char *msg32, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen)
+        attach_function :secp256k1_ecdsa_verify, [:pointer, :pointer, :int, :pointer, :int], :int
+
+        # int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig64, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void *ndata, int *recid)
+        attach_function :secp256k1_ecdsa_sign_compact, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid)
+        attach_function :secp256k1_ecdsa_recover_compact, [:pointer, :pointer, :pointer, :pointer, :int, :int], :int
+      RUBY
+    end
+
+    def self.init
+      return if @secp256k1_started
+
+      lib_path = [ ENV['SECP256K1_LIB_PATH'], 'vendor/secp256k1/.libs/libsecp256k1.so' ].find{|f| File.exists?(f.to_s) }
+      lib_path = 'libsecp256k1.so' unless lib_path
+      ffi_load_functions(lib_path)
+
+      secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN)
+      @secp256k1_started = true
+    end
+
+    def self.generate_key_pair(compressed=true)
+      init
+
+      while true do
+        priv_key = SecureRandom.random_bytes(32)
+        priv_key_buf = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, priv_key)
+        break if secp256k1_ec_seckey_verify(priv_key_buf)
+      end
+
+      pub_key_buf = FFI::MemoryPointer.new(:uchar, 65)
+      pub_key_size = FFI::MemoryPointer.new(:int)
+      result = secp256k1_ec_pubkey_create(pub_key_buf, pub_key_size, priv_key_buf, compressed ? 1 : 0)
+      raise "error creating pubkey" unless result
+
+      [ priv_key, pub_key_buf.read_string(pub_key_size.read_int) ]
+    end
+
+    def self.sign(data, priv_key)
+      init
+
+      msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+      seckey = FFI::MemoryPointer.new(:uchar, priv_key.bytesize).put_bytes(0, priv_key)
+      raise "priv_key invalid" unless secp256k1_ec_seckey_verify(seckey)
+
+      sig, siglen = FFI::MemoryPointer.new(:uchar, 72), FFI::MemoryPointer.new(:int).write_int(72)
+
+      while true do
+        break if secp256k1_ecdsa_sign(msg32, sig, siglen, seckey, nil, nil)
+      end
+
+      sig.read_string(siglen.read_int)
+    end
+
+    def self.verify(data, signature, pub_key)
+      init
+
+      data_buf = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+      sig_buf  = FFI::MemoryPointer.new(:uchar, signature.bytesize).put_bytes(0, signature)
+      pub_buf  = FFI::MemoryPointer.new(:uchar, pub_key.bytesize).put_bytes(0, pub_key)
+
+      result = secp256k1_ecdsa_verify(data_buf, sig_buf, sig_buf.size, pub_buf, pub_buf.size)
+
+      case result
+      when  0; false
+      when  1; true
+      when -1; raise "error invalid pubkey"
+      when -2; raise "error invalid signature"
+      else   ; raise "error invalid result"
+      end
+    end
+
+    def self.sign_compact(message, priv_key, compressed=true)
+      init
+
+      msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, message)
+      sig64 = FFI::MemoryPointer.new(:uchar, 64)
+      rec_id = FFI::MemoryPointer.new(:int)
+
+      seckey = FFI::MemoryPointer.new(:uchar, priv_key.bytesize).put_bytes(0, priv_key)
+      raise "priv_key invalid" unless secp256k1_ec_seckey_verify(seckey)
+
+      while true do
+        break if secp256k1_ecdsa_sign_compact(msg32, sig64, seckey, nil, nil, rec_id)
+      end
+
+      header = [27 + rec_id.read_int + (compressed ? 4 : 0)].pack("C")
+      [ header, sig64.read_string(64) ].join
+    end
+
+    def self.recover_compact(message, signature)
+      init
+
+      return nil if signature.bytesize != 65
+
+      version = signature.unpack('C')[0]
+      return nil if version < 27 || version > 34
+
+      compressed = version >= 31 ? true : false
+      version -= 4 if compressed
+
+      recid = version - 27
+      msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, message)
+      sig64 = FFI::MemoryPointer.new(:uchar, 64).put_bytes(0, signature[1..-1])
+      pubkey = FFI::MemoryPointer.new(:uchar, pub_key_len = compressed ? 33 : 65)
+      pubkeylen = FFI::MemoryPointer.new(:int).write_int(pub_key_len)
+
+      result = secp256k1_ecdsa_recover_compact(msg32, sig64, pubkey, pubkeylen, (compressed ? 1 : 0), recid)
+
+      return nil unless result
+
+      pubkey.read_bytes(pubkeylen.read_int)
+    end
+
+  end
+end